What is the difference between penetration tests, audits, and other cybersecurity services
Video of the talk: https://www.youtube.com/watch?list=PLDLqQj8RuUFszVSKOvM7nxhnzO5016-Te&v=of08ANtBNnM
Short text version: https://styran.com/pentest-vs-audit/

Ähnliche Bücher

Kostenlos mit einer 30-tägigen Testversion von Scribd

Alle anzeigen

Ähnliche Hörbücher

Kostenlos mit einer 30-tägigen Testversion von Scribd

Alle anzeigen
  • Gehören Sie zu den Ersten, denen das gefällt!

В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки

  1. AppSec, Pentest, Audit & Assessment
     Vlad Styran, CISSP - CISA - OSCP
     OWASP Kyiv - Berezha Security
  2. Mission Objectives
     - What is Application Security?
     - What is a Pentest?
     - How is an Audit different?
     - Why is an Assessment a totally different thing?
  3. Application Security (wrong)
     - OWASP (Top-10) "requirements"
     - Application Pentest
     - Dev environment & toolchain security
  4. Application Security (true)
  5. A demo of how wrong people could be about Application Security
  6. Pentest
     "If you can test pens, you can test anything." – HD Moore
  7. Mitre ATT&CK Navigator and… how wrong people could be about Penetration Testing
     https://mitre-attack.github.io/attack-navigator/enterprise/
  8. Audit and Assessment

     Assessment                               | Audit
     -----------------------------------------|------------------------------------------------
     Framework or standard                    | Framework or standard
     Gaps between AS IS and TO BE             | Gaps between AS IS and TO BE
     Snapshot in time                         | A historic period
     Compliance of controls                   | Compliance and/or effectiveness of controls
     May provide guidance                     | May provide direction, not guidance
     Evidence and observation                 | Hard evidence
     Can be DIY                               | Cannot be DIY
     Requires some subject matter expertise   | Doesn't really require subject matter expertise

  9. Why do we need all four and when we need them?
  10. A map of the four service types on two axes, "Time covered" and "Space covered", with four quadrants:
      Compliance | Business Risk
      Security Baseline | Technology Risk
      Services placed on the map: Self-assessment, Qualified 3rd party assessment, Internal audit, External audit, Security testing, Application pentest, Vulnerability assessment, Infrastructure pentest
